US9917858B2 · Active · Utility · PatentIndex 81
Honey user
Est. expiry: Apr 1, 2035 (~8.7 yrs left) · nominal 20-yr term from priority
H04L 63/10, H04L 67/1097, H04L 63/1433, H04L 67/02, H04L 67/22, H04L 63/1441, H04L 67/306, H04L 63/1416, H04L 63/08, H04L 67/535, H04L 63/1425
PatentIndex Score: 81 · Cited by: 12 · References: 17 · Claims: 20
Abstract
Systems and methods of managing the security of a networked environment based on activity associated with deployed pseudo-accounts are presented. In one embodiment, a plurality of pseudo-accounts are deployed in one or more networks, domains, or virtual machines and activity associated with the pseudo-accounts is collected to identify security risks to facilitate remediation and mitigation.
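The flow the abstract describes, and that claims 16 and 17 below spell out (deploy pseudo-accounts, search logged activity for them, report hits with a device lookup), as an added Python example; it is not code from the patent. The function names, the `svc` prefix, the event field names and all sample data are assumptions constructed for illustration.

```python
import hashlib
import secrets

def normalize(user_id):
    """Reduce DOMAIN\\user and user@domain to a lowercase bare account name."""
    return user_id.split("\\")[-1].split("@")[0].strip().lower()

def deploy_pseudo_accounts(account_db, count, prefix="svc"):
    """Create accounts no real user will ever own; return the monitored IDs."""
    monitored = set()
    for _ in range(count):
        user_id = f"{prefix}-{secrets.token_hex(4)}"
        salt = secrets.token_bytes(16)
        password = secrets.token_urlsafe(18)  # never issued to any user
        account_db[user_id] = {
            "salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
        }
        monitored.add(user_id)
    return monitored

def scan(events, monitored, device_db):
    """Report every logged event that names a monitored pseudo-account."""
    reports = []
    for ev in events:
        account = normalize(ev["user"])
        if account in monitored:  # success or failure, any use is suspicious
            reports.append({
                "time": ev["time"], "account": account, "action": ev["action"],
                "source": ev["src"],
                "device_owner": device_db.get(ev["src"], "unknown"),
            })
    return reports

# Constructed sample data: account store, device database and activity log.
ACCOUNT_DB = {"alice": {}, "bob": {}}
MONITORED = deploy_pseudo_accounts(ACCOUNT_DB, 2)
HONEY = sorted(MONITORED)[0]
DEVICE_DB = {"10.0.4.17": "bob"}  # IP -> user, e.g. refreshed on DHCP renewal
EVENTS = [
    {"time": "2024-05-01T09:00:02Z", "user": "CORP\\alice", "action": "logon_ok", "src": "10.0.4.12"},
    {"time": "2024-05-01T09:03:41Z", "user": "CORP\\" + HONEY.upper(), "action": "logon_failed", "src": "10.0.4.17"},
    {"time": "2024-05-01T09:04:10Z", "user": HONEY + "@corp.example", "action": "privilege_change", "src": "10.9.9.9"},
]

if __name__ == "__main__":
    for entry in scan(EVENTS, MONITORED, DEVICE_DB):
        print(entry)
```

Matching on the normalized name catches the same pseudo-account whether the log records it as `DOMAIN\user`, `user@domain` or in a different case.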
Claims
exact text as granted — not AI-modified
What is claimed is:
1. A system for monitoring a secure environment, the system comprising:
a first database module comprising account information specifying one or more accounts;
a first processing module configured to generate pseudo-account credentials that are not and will not be assigned to an account associated with an authorized user and insert the pseudo-account credentials into the first database module; and
a second processing module configured to detect in real time activity in the secure environment associated with one or more pseudo-account credentials.
2. The system according to claim 1, wherein the account information comprises authentication credentials.
3. The system according to claim 2, wherein the authentication credentials comprise a user ID and a password.
4. The system according to claim 1, wherein the pseudo-account credentials comprises one or more of a pseudonym, pseudo-address, and pseudo-demographic information.
5. The system according to claim 1, wherein the first processing module is further configured to present a user interface operable to receive information related to the one or more pseudo-account credentials.
6. The system according to claim 1, wherein the first processing module is further configured to add information about the one or more pseudo-account credentials to a database of monitored accounts.
7. A system for monitoring a secure environment, the system comprising:
a first processing module configured to log the activity of a plurality of user accounts in the secure environment;
a second processing module configured to store on a computer readable medium information about the activity of the plurality of accounts;
a third processing module configured to search the stored activity information for pseudo-account credentials that are not and will not be assigned to an account associated with an authorized user; and
a fourth processing module configured to detect in real-time activity associated with one or more pseudo-account credentials among the stored activity information.
8. The system according to claim 7, wherein the fourth processing module is configured to generate and store a report based on the detection of the activity of one or more pseudo-account credentials.
9. The system according to claim 7, wherein the activity information comprises records of authentication attempts.
10. The system according to claim 7, wherein the activity information comprises changes to information related to the plurality of user accounts.
11. The system according to claim 10, wherein the information related to the plurality of user accounts comprises one or more of profile information and privilege settings.
12. The system according to claim 7, wherein the fourth processing module is configured to indicate that it failed to detect activity of one or more pseudo-account credentials among the stored activity information.
13. The system according to claim 7, wherein the secure environment is a networked collection of computing devices.
14. The system according to claim 7, wherein the secure environment is a domain.
15. The system according to claim 7, wherein the secure environment is a computer system having different privilege levels.
16. A computer implemented method for monitoring a secure environment, the method comprising:
logging activity of a plurality of user accounts in the secure environment using a first processing module;
storing on a computer readable medium information about the activity of the plurality of accounts using a second processing module;
searching in real time the stored activity information, using a third processing module, for activity associated with one or more pseudo-account credentials that are not and will not be assigned to an account associated with an authorized user; and
generating and storing one or more reports based on the detection of activity associated with one or more pseudo-account credentials using a fourth processing module.
17. The method according to claim 16, further comprising identifying at least one of the plurality of user accounts using a device database associating a plurality of device labels with user information and an authentication record.
18. The method according to claim 17, wherein the device label is a domain name or an internet protocol address.
19. The method according to claim 17, wherein the device database is updated upon a dynamic host configuration protocol lease renewal, a virtual private network internet protocol address assignment, or both.
20. The system according to claim 17, wherein the authentication record is an active directory log.
Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.